Field of the Invention
The invention relates to a computer network for data transmission between network nodes, the network nodes being authenticatable to one another by means of authentication information of a PKI. A root certificate authority is configured to generate the authentication information for the PKI. Furthermore, the invention relates to a network node for such a computer network, having an authentication information storage unit, a processing device and a network communication device. The invention also relates to a method for authenticating such a network node to such a computer network, wherein the authentication information comprises key information assigned to the network node and signature information, and wherein signature information is generated from key information and root key information assigned to the root certificate authority.
Background Information
The central element of a public key infrastructure (PKI) is the root certificate authority (RootCA), which issues certificates and keeps certificate revocation lists (CRLs, revocation information lists) up to date. This functionality usually requires the network to be linked to the RootCA. In the case of an on-board solution, for example in an aircraft, specific problems occur. A RootCA that itself has access to the on-board network may be exposed to attackers. To achieve a sufficient level of security, the RootCA is protected by an elaborate and expensive safeguard, for example in the form of a firewall.
Moreover, in a conventional PKI, any change, for example issuing a certificate, revoking a certificate or changing the certificate revocation lists, requires a link to the RootCA. This may not always be possible in the case of airplanes, particularly in flight or on the ground in an untrustworthy environment.